那些年我們一起開的搞笑地產公司 五都法拍屋 9月爆量-歪樓篇

蜜小雪 wrote:
那當然, 最近圓滾...(恕刪)

這株黃玫瑰種很久了,七、八年前在田尾買的
矮個子長不高,但每年都會開花,形體不大,唯顏色純淨、層次豐富


DSE92381_cr-5ps
by CH Lin, 於 Flickr

這管Leica M50DR真是好鏡一枚
A版於2020/02/29已終結定版.
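# Bridge and interface-list layout.  ether2-ether5 form the LAN bridge;
# ether1 and wlan1 are present as bridge ports but disabled.  ether1 is a
# member of the WAN list below (presumably the PPPoE underlay for
# pppoe-out1 -- confirm against the /interface pppoe-client section, which
# is not part of this export).
/interface bridge
add fast-forward=no igmp-snooping=no name=bridge
/interface bridge port
# Fixed: the original line carried a free-text note after "port", which is
# not valid syntax in an .rsc import.  The note said: only enable ether1 as
# a bridge port when the device acts as a repeater, carries VLANs or must
# bridge through to the modem; otherwise keep it disabled.
add bridge=bridge comment=defconf disabled=yes interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf disabled=yes interface=wlan1
# LAN/WAN lists: firewall rules can key on in-interface-list=WAN so that
# ether1 and pppoe-out1 are treated alike.
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN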
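/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge \
network=192.168.88.0
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 \
gateway=192.168.88.1 netmask=24
# The router is the LAN resolver (DHCP hands out 192.168.88.1 as dns-server),
# so allow-remote-requests must stay yes; the firewall input chain is what
# decides whether that resolver is also reachable from the WAN side.
# cache-max-ttl=0s effectively disables the DNS cache, so every lookup is
# forwarded upstream.
/ip dns
set allow-remote-requests=yes cache-max-ttl=0s servers=\
168.95.192.1,168.95.1.1
# Disable every connection-tracking helper (ALG); they inspect payloads and
# open dynamic pinholes that this network does not use.
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
# Do not announce or answer neighbor discovery on any interface.
/ip neighbor discovery-settings
set discover-interface-list=none
# NOTE(review): rp-filter=no means the kernel does not drop packets whose
# source is not routable back out the arriving interface; the bogon address
# lists in the firewall only cover part of that.  tcp-syncookies=no is the
# default and is left as is.
/ip settings
set rp-filter=no
set tcp-syncookies=no
# Fixed: the original line read "ip cloud" without the leading "/", which is
# not an absolute menu path and would not apply on import.
/ip cloud
set update-time=no
# Every IP-based management service is disabled.  With this in place the only
# remaining management paths are MAC-Winbox on the LAN list (see
# /tool mac-server mac-winbox below) and the physical console.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
# Wireless debug logging with no explicit action, i.e. the default (memory)
# target, which does not survive a reboot.
/system logging
add topics=wireless,debug
/system ntp client
set enabled=yes server-dns-names=\
0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org
/tool bandwidth-server
set enabled=no
# MAC-Telnet is allowed on no interface; MAC-Winbox stays reachable from the
# LAN list only.  Do not remove it without re-enabling an /ip service first,
# or there is no remote management path left.
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool mac-server ping
set enabled=no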
# Minimal bogon list consumed by the forward chain.  It does not include the
# RFC 1918 ranges (192.168.88.0/24 is one of them) or loopback, so it only
# catches the most obvious spoofed sources/destinations.
/ip firewall address-list
add address=0.0.0.0/8 list=BasicBOGONS
add address=169.254.0.0/16 list=BasicBOGONS
add address=224.0.0.0/4 list=BasicBOGONS
add address=255.255.255.255 list=BasicBOGONS
/ip firewall nat
# Source NAT for everything leaving via the PPPoE uplink.
add action=masquerade chain=srcnat out-interface=pppoe-out1 \
comment="NAT from local address back to public IP"
# Pull every UDP/53 query that is not from the router itself and not aimed at
# the router back to the local resolver, so LAN clients cannot bypass it.
# There is no in-interface match, so WAN-originated queries for third-party
# addresses are redirected too and then fall under the input chain.
add action=redirect chain=dstnat comment=\
"Block DNS Hijacking for Local area Network" \
dst-address-type=!local dst-port=53 \
protocol=udp src-address-type=!local
/ip firewall filter
# --- input chain -----------------------------------------------------------
# Staged brute-force detection for tcp/21,22,23,8291: a new connection puts
# the source in login_stage1 (1m), a second one in login_stage2 (1m), a third
# in login_blacklist (1d), and rule 1 then drops that source outright.
# NOTE(review): none of these four rules has an in-interface match, so LAN
# hosts are counted the same way; if any of these services is re-enabled in
# /ip service, an admin can lock themselves out for a day.  Restricting the
# four rules to in-interface-list=WAN would avoid that.  As exported all four
# services are disabled, so the rules are currently dormant.
add action=drop chain=input comment="drop login brute forcers 1" dst-port=\
21,22,23,8291 protocol=tcp src-address-list=login_blacklist
add action=add-src-to-address-list address-list=login_blacklist \
address-list-timeout=1d chain=input comment="drop login brute forcers 2" \
connection-state=new dst-port=21,22,23,8291 protocol=tcp \
src-address-list=login_stage2
add action=add-src-to-address-list address-list=login_stage2 \
address-list-timeout=1m chain=input comment="drop login brute forcers 3" \
connection-state=new dst-port=21,22,23,8291 protocol=tcp \
src-address-list=login_stage1
add action=add-src-to-address-list address-list=login_stage1 \
address-list-timeout=1m chain=input comment="drop login brute forcers 4" \
connection-state=new dst-port=21,22,23,8291 protocol=tcp
# Port-scan heuristics: psd plus the classic TCP-flag signatures.  Matches go
# to "port scanners" for 2w and are dropped by the rule that follows them.
# These sit ahead of the established/related accept, so every input packet,
# including packets of established flows, is evaluated against them.
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="Port scanners to list" \
protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/FIN scan" protocol=tcp \
tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/RST scan" protocol=tcp \
tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" protocol=\
tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="ALL/ALL scan" protocol=tcp \
tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP NULL scan" protocol=tcp \
tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="Dropping port scanners(Input)" \
src-address-list="port scanners"
# Same staged scheme again for tcp/22 only, with a 1w3d blacklist.  The
# forward-chain rule at the end of this group also stops blacklisted sources
# from reaching LAN hosts on tcp/22.  The same LAN self-lockout caveat as
# above applies (no in-interface match).
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp
add action=drop chain=forward comment="Drop SSH Brute Downstream" \
dst-port=22 protocol=tcp src-address-list=ssh_blacklist
# Stateful fast path, ICMP via the shared icmp chain, then drop everything
# that did not arrive on the bridge.  That last rule is what keeps the DNS
# resolver (allow-remote-requests=yes) and any service off the WAN.  It logs
# every unsolicited WAN packet, so expect a noisy log.  There is no
# connection-state=invalid drop in the input chain (the forward chain has one).
add chain=input connection-state=established,related,untracked \
comment="Accept established,related,untracked packets"
add action=jump chain=input jump-target=icmp protocol=icmp \
comment="Jump for icmp input flow"
add action=drop chain=input in-interface=!bridge log=yes \
log-prefix="Drop All" comment="Drop all not coming from LAN"
# --- forward chain ---------------------------------------------------------
# Stateful accept, drop invalid, drop new inbound from the PPPoE link unless
# a dst-nat rule created it, drop bogon sources and destinations, then ICMP
# through the icmp chain.  There is no terminating rule, so LAN-originated
# traffic is accepted by default.
add chain=forward connection-state=established,related,untracked \
comment="Accept established,related,untracked packets"
add action=drop chain=forward connection-state=invalid \
comment="Drop invalid packets"
add action=drop chain=forward connection-nat-state=!dstnat \
connection-state=new in-interface=pppoe-out1 \
comment="Drop all from WAN not DSTNATed"
add action=drop chain=forward src-address-list=BasicBOGONS \
comment="Drop bogon-list"
add action=drop chain=forward dst-address-list=BasicBOGONS \
comment="Drop bogon-list"
add action=jump chain=forward jump-target=icmp protocol=icmp \
comment="Jump for icmp forward flow"
# --- icmp chain (reached from input, forward and output) -------------------
# Accept the listed type:code pairs, drop and log anything else.  No rate
# limit is applied to the accepted types.
add chain=icmp icmp-options=0:0 protocol=icmp \
comment="Echo Reply"
add chain=icmp icmp-options=3:0 protocol=icmp \
comment="Net Unreachable"
add chain=icmp icmp-options=3:1 protocol=icmp \
comment="Host Unreachable"
add chain=icmp icmp-options=3:4 protocol=icmp \
comment="Fragmentation Needed and DF set"
add chain=icmp icmp-options=4:0 protocol=icmp \
comment="Source Quench"
add chain=icmp icmp-options=8:0 protocol=icmp \
comment="Allow Echo Request"
add chain=icmp icmp-options=11:0 protocol=icmp \
comment="Allow Time Exceeded"
add chain=icmp icmp-options=12:0 protocol=icmp \
comment="Parameter Bad"
add action=drop chain=icmp log=yes \
log-prefix="Drop Other Types" comment="Deny Other Types"
# Output chain: only ICMP generated by the router itself is filtered.
add action=jump chain=output jump-target=icmp protocol=icmp \
comment="Jump for icmp output flow"
# Scheduled NTP refresh, run at boot and every 6h.  The on-event value is an
# embedded RouterOS script (shown here with the forum's line wrapping, blank
# lines and escaping, so the string should be re-checked before import).  It
# resolves the one or two pool names in arrNtpSystems and writes the
# resulting addresses to primary-ntp / secondary-ntp when they differ from
# the current values.  The :parse-built command is assembled from the
# script's own constants, not from external input.
# NOTE(review): the script header says it targets ROS v5.7 and sets
# primary-ntp/secondary-ntp, while /system ntp client in this export uses
# server-dns-names; confirm both properties exist on the target version, or
# the scheduled set will fail.
# NOTE(review): policy grants ftp,reboot,policy,password,sniff,sensitive,romon
# on top of read,write,test; nothing in the script body appears to need them,
# so a narrower policy (read,write,test) is worth trying -- least privilege
# for a script that only edits NTP settings.
/system scheduler
add comment="Check and set NTP servers" interval=6h name=SetNtpServers \
on-event="# SetNtpServers - Check and set NTP servers from NTP pool\\

# v1.2 Tested and Developed on ROS v5.7\\

#\\

# Change the following line as needed as progName should match script na\\
me \\

:local progName \\"SetNtpServers\";\

\

# Array of NTP pools to use (check www.pool.ntp.org) one or a maximum of\
\_two, a primary & secondary\

# Modify the following line and array variable based on your locale (def\
ault is north america).\

:local arrNtpSystems (\"taiwan.pool.ntp.org\", \"asia.pool.ntp.org\");\

# Alternatively the TW related pool below can be used. \

#:local arrNtpSystems (\"taiwan.pool.ntp.org\", \"asia.pool.ntp.org\");\

#\

# No modification is necessary beyond this line.\

:put \"\$progName: Running...\";\

:log info \"\$progName: Running...\";\

:set arrNtpSystems [ :toarray \$arrNtpSystems ];\

:if (( [ :len \$arrNtpSystems ] < 1 ) or ( [ :len \$arrNtpSystems ] > 2 \
)) do={ \

:put \"\$progName: ERROR NTP Systems array (\\\$arrNtpSystems) must \
be either one or two DNS names.\";\

:log info \"\$progName: ERROR NTP Systems array (\\\$arrNtpSystems) \
must be either one or two DNS names.\";\

} else={\

:local arrRosNtpSetting (\"primary-ntp\", \"secondary-ntp\");\

:local i 0;\

:foreach strNtpSystem in (\$arrNtpSystems) do={\

:local ipAddrNtpSystem [ :resolve \$strNtpSystem ];\

:local strRosNtpSetting [ :pick \$arrRosNtpSetting \$i ];\

:local strCurrentNtpIp [ /system ntp client get \$strRosNtpSetti\
ng ];\

:put \"\$progName: NTP server DNS name \$strNtpSystem resolves t\
o \$ipAddrNtpSystem.\";\

:log info \"\$progName: NTP server DNS name \$strNtpSystem resol\
ves to \$ipAddrNtpSystem.\";\

:put \"\$progName: Current \$strRosNtpSetting setting is \$strCu\
rrentNtpIp.\";\

:log info \"\$progName: Current \$strRosNtpSetting setting is \$\
strCurrentNtpIp.\";\

:if ( [ :toip \$ipAddrNtpSystem ] != [ :toip \$strCurrentNtpIp ]\
\_) do={\

:put \"\$progName: Changing \$strRosNtpSetting setting to \$\
ipAddrNtpSystem.\";\

:log info \"\$progName: Changing \$strRosNtpSetting setting \
to \$ipAddrNtpSystem.\";\

:local strCommand [ :parse \"/system ntp client set \$strRos\
NtpSetting=\\\"\$ipAddrNtpSystem\\\"\" ];\

\$strCommand;\

} else={\

:put \"\$progName: No changes were made for the \$strRosNtpS\
etting NTP setting.\";\

:log info \"\$progName: No changes were made for the \$strRo\
sNtpSetting NTP setting.\";\

}\

:set i (\$i + 1);\

}\

}\

:put \"\$progName: Done.\";\

:log info \"\$progName: Done.\";" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
# Per-client fair queuing: PCQ keyed on destination for downloads (queued on
# the bridge, i.e. toward the LAN) and on source for uploads (queued on
# pppoe-out1).  The client_download / client_upload packet marks are set in
# /ip firewall mangle.  max-limit is presumably sized just under the
# subscribed line rate so that queuing happens here rather than upstream --
# adjust to the actual link.
/queue type
add kind=pcq name=PCQ_download pcq-classifier=dst-address
add kind=pcq name=PCQ_upload pcq-classifier=src-address
/queue tree
add burst-limit=100M burst-threshold=88M burst-time=5s max-limit=95M \
name=queue1 packet-mark=client_download parent=bridge queue=\
PCQ_download
add burst-limit=40M burst-threshold=20M burst-time=5s max-limit=38M \
name=queue2 packet-mark=client_upload parent=pppoe-out1 queue=\
PCQ_upload
/ip firewall mangle
# MSS clamping on forwarded and locally generated SYNs so TCP sessions fit
# the PPPoE link MTU (presumably below 1500 -- confirm on the link).
add action=change-mss chain=forward comment="Change MSS" \
new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
add action=change-mss chain=output new-mss=clamp-to-pmtu \
passthrough=yes protocol=tcp tcp-flags=syn
# Packet marks consumed by the queue tree: anything entering on the bridge is
# upload, anything entering on pppoe-out1 is download.
add action=mark-packet chain=prerouting in-interface=bridge \
new-packet-mark=client_upload passthrough=yes
add action=mark-packet chain=prerouting in-interface=pppoe-out1 \
new-packet-mark=client_download passthrough=yes
# Classify new connections into per-service connection marks.
# NOTE(review): the dst-port=443 jump is immediately followed by an
# unconditional TCP jump into the same chain, so the first jump looks
# redundant; whether a 443 packet enters tcp-services twice depends on
# whether the passthrough=no match in the jumped chain ends mangle traversal
# -- verify on the target version before removing it.
add action=jump chain=prerouting connection-state=new dst-port=443 \
jump-target=tcp-services protocol=tcp
add action=jump chain=prerouting connection-state=new jump-target=\
tcp-services protocol=tcp
add action=jump chain=prerouting connection-state=new jump-target=\
udp-services protocol=udp
add action=jump chain=prerouting connection-state=new jump-target=\
other-services
# tcp-services: first match wins (passthrough=no).  The src-port ranges
# assume clients use ephemeral ports.  The 78.31.0.0/16 prefix labelled
# spotify is hard-coded and may go stale.  None of these connection marks is
# referenced by a queue in this export; the queue tree uses packet marks only.
add action=mark-connection chain=tcp-services dst-port=20-21 \
new-connection-mark=ftp passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=22 \
new-connection-mark=ssh passthrough=no protocol=tcp src-port=513-65535
add action=mark-connection chain=tcp-services dst-port=23 \
new-connection-mark=telnet passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=25 \
new-connection-mark=smtp passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=53 \
new-connection-mark=dns passthrough=no protocol=tcp src-port=53
add action=mark-connection chain=tcp-services dst-port=53 \
new-connection-mark=dns passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=80 \
new-connection-mark=http passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=110 \
new-connection-mark=pop3 passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=113 \
new-connection-mark=auth passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=119 \
new-connection-mark=nntp passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=137-139 \
new-connection-mark=netbios passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=143 \
new-connection-mark=imap passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=161-162 \
new-connection-mark=snmp passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-address=78.31.0.0/16 \
dst-port=443 new-connection-mark=spotify passthrough=no \
protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-address=!78.31.0.0/16 \
dst-port=443 new-connection-mark=https passthrough=no \
protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=445 \
new-connection-mark=ms-ds passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=465 \
new-connection-mark=smtps passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=990 \
new-connection-mark=ftps passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=993 \
new-connection-mark=imaps passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=995 \
new-connection-mark=pop3s passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=1080 \
new-connection-mark=socks passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=1723 \
new-connection-mark=pptp passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=1863 \
new-connection-mark=msn passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=2379 \
new-connection-mark=kgs passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=3128 \
new-connection-mark=squid-proxy passthrough=no protocol=tcp \
src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=3389 \
new-connection-mark=win-ts passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=3845 \
new-connection-mark=smartpass passthrough=no protocol=tcp \
src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=4070 \
new-connection-mark=spotify passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=2000-3000 \
new-connection-mark=bwtest passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=4242-4243 \
new-connection-mark=emule passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=1024-65535 \
new-connection-mark=overnet passthrough=no protocol=tcp src-port=4661-4662
add action=mark-connection chain=tcp-services dst-port=1024-65535 \
new-connection-mark=emule passthrough=no protocol=tcp src-port=4711
add action=mark-connection chain=tcp-services dst-port=5900-5901 \
new-connection-mark=vnc passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=6667-6669 \
new-connection-mark=irc passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=8080 \
new-connection-mark=http-proxy passthrough=no protocol=tcp \
src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=8291 \
new-connection-mark=winbox passthrough=no protocol=tcp \
src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=42041-42052 \
new-connection-mark=voddler passthrough=no protocol=tcp \
src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=55536-55663 \
new-connection-mark=ftp-passive passthrough=no protocol=tcp \
src-port=1024-65535
# Catch-all for TCP that matched nothing above.
add action=mark-connection chain=tcp-services new-connection-mark=\
other-tcp passthrough=no protocol=tcp
# udp-services: same first-match scheme for UDP, with its own catch-all.
add action=mark-connection chain=udp-services dst-port=53 \
new-connection-mark=dns passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=67 \
new-connection-mark=dhcp passthrough=no protocol=udp src-port=67-68
add action=mark-connection chain=udp-services dst-port=123 \
new-connection-mark=ntp passthrough=no protocol=udp src-port=123
add action=mark-connection chain=udp-services dst-port=123 \
new-connection-mark=ntp passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=137-139 \
new-connection-mark=netbios passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=161-162 \
new-connection-mark=snmp passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=514 \
new-connection-mark=syslog passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=1701 \
new-connection-mark=l2tp passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=3544 \
new-connection-mark=ms-ipv6 passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=4665 \
new-connection-mark=emule passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=4672 \
new-connection-mark=emule passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=2000-3000 \
new-connection-mark=bwtest passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=1024-65535 \
new-connection-mark=emule passthrough=no protocol=udp src-port=4672
add action=mark-connection chain=udp-services dst-port=12053 \
new-connection-mark=overnet passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=20561 \
new-connection-mark=mac-winbox passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=42041-42052 \
new-connection-mark=voddler passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=1024-65535 \
new-connection-mark=overnet passthrough=no protocol=udp src-port=12053
add action=mark-connection chain=udp-services dst-port=1024-65535 \
new-connection-mark=skype passthrough=no protocol=udp src-port=36725
add action=mark-connection chain=udp-services new-connection-mark=\
other-udp passthrough=no protocol=udp
# other-services: ICMP echo requests, GRE, then a catch-all with no protocol
# match at all.
add action=mark-connection chain=other-services icmp-options=8:0-255 \
new-connection-mark=ping passthrough=no protocol=icmp
add action=mark-connection chain=other-services new-connection-mark=gre \
passthrough=no protocol=gre
add action=mark-connection chain=other-services new-connection-mark=other \
passthrough=no
# Raw table: discard the traffic the comment identifies as Teredo before it
# reaches connection tracking (udp/3544 is the IANA-assigned Teredo port), so
# it consumes no conntrack entries and never reaches the filter chains.
/ip firewall raw
add action=drop chain=prerouting comment="Block Teredo IPv6-tunnel" \
dst-port=3544,3545 protocol=udp
--
Arctic Monkeys - Tranquility Base Hotel & Casino
寶貝:)開心最重要.嘻哈!
B版於2020/02/29已終結定版.
NeverGiveUp!! wrote:
更正一下.弄精簡一...(恕刪)
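# Bridge and interface-list layout.  ether2-ether5 form the LAN bridge;
# ether1 and wlan1 are present as bridge ports but disabled.  ether1 is a
# member of the WAN list below (presumably the PPPoE underlay for
# pppoe-out1 -- confirm against the /interface pppoe-client section, which
# is not part of this export).
/interface bridge
add fast-forward=no igmp-snooping=no name=bridge
/interface bridge port
# Fixed: the original line carried a free-text note after "port", which is
# not valid syntax in an .rsc import.  The note said: only enable ether1 as
# a bridge port when the device acts as a repeater, carries VLANs or must
# bridge through to the modem; otherwise keep it disabled.
add bridge=bridge comment=defconf disabled=yes interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf disabled=yes interface=wlan1
# LAN/WAN lists: firewall rules can key on in-interface-list=WAN so that
# ether1 and pppoe-out1 are treated alike.
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN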
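/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge \
network=192.168.88.0
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 \
gateway=192.168.88.1 netmask=24
# The router is the LAN resolver (DHCP hands out 192.168.88.1 as dns-server),
# so allow-remote-requests must stay yes.  cache-max-ttl=0s effectively
# disables the DNS cache, so every lookup is forwarded upstream.
# NOTE(review): as exported, the input chain of this version has no
# terminating drop for WAN-sourced packets, so this resolver answers queries
# from the internet (an open resolver) unless such a rule is present.
/ip dns
set allow-remote-requests=yes cache-max-ttl=0s servers=\
168.95.192.1,168.95.1.1
# Disable every connection-tracking helper (ALG); they inspect payloads and
# open dynamic pinholes that this network does not use.
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
# Do not announce or answer neighbor discovery on any interface.
/ip neighbor discovery-settings
set discover-interface-list=none
# NOTE(review): rp-filter=no means the kernel does not drop packets whose
# source is not routable back out the arriving interface; the NotPublic
# address list in the firewall only covers part of that.  tcp-syncookies=no
# is the default and is left as is.
/ip settings
set rp-filter=no
set tcp-syncookies=no
# Fixed: the original line read "ip cloud" without the leading "/", which is
# not an absolute menu path and would not apply on import.
/ip cloud
set update-time=no
# Every IP-based management service is disabled.  With this in place the only
# remaining management paths are MAC-Winbox on the LAN list (see
# /tool mac-server mac-winbox below) and the physical console.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
# Wireless debug logging with no explicit action, i.e. the default (memory)
# target, which does not survive a reboot.
/system logging
add topics=wireless,debug
/system ntp client
set enabled=yes server-dns-names=\
0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org
/tool bandwidth-server
set enabled=no
# MAC-Telnet is allowed on no interface; MAC-Winbox stays reachable from the
# LAN list only.  Do not remove it without re-enabling an /ip service first,
# or there is no remote management path left.
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool mac-server ping
set enabled=no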
# Special-purpose / non-routable IPv4 prefixes (RFC 1918, CGNAT, loopback,
# link-local, documentation, benchmarking, 6to4 relay, and 224.0.0.0/3 which
# spans multicast and the reserved 240/4 block up to 255.255.255.255).  Used
# by the input and forward chains to discard spoofed sources arriving from
# the WAN and leaked destinations leaving the LAN.  Note that the LAN's own
# 192.168.88.0/24 falls inside 192.168.0.0/16, so the list must only be
# applied with an interface match, as the filter rules do.
/ip firewall address-list
add address=0.0.0.0/8 list=NotPublic
add address=10.0.0.0/8 list=NotPublic
add address=100.64.0.0/10 list=NotPublic
add address=127.0.0.0/8 list=NotPublic
add address=169.254.0.0/16 list=NotPublic
add address=172.16.0.0/12 list=NotPublic
add address=192.0.0.0/24 list=NotPublic
add address=192.0.2.0/24 list=NotPublic
add address=192.88.99.0/24 list=NotPublic
add address=192.168.0.0/16 list=NotPublic
add address=198.18.0.0/15 list=NotPublic
add address=198.51.100.0/24 list=NotPublic
add address=203.0.113.0/24 list=NotPublic
add address=224.0.0.0/3 list=NotPublic
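/ip firewall nat
# NOTE(review): the "NAT to local address" rule as exported dst-natted every
# new connection arriving on pppoe-out1 -- no protocol or dst-port match --
# into the whole 192.168.88.0/24 range, and logged each one.  The forward
# chain in this export only drops new WAN connections that carry no dst-nat
# state and has no terminating rule, so that single rule let unsolicited
# inbound traffic through to LAN hosts.  It is kept here but disabled; if a
# port forward is wanted, scope it with protocol=, dst-port= and a single
# host in to-addresses= instead.
add action=dst-nat chain=dstnat disabled=yes in-interface=pppoe-out1 \
log=yes to-addresses=192.168.88.0/24 \
comment="NAT to local address"
# Source NAT for everything leaving via the PPPoE uplink.
add action=masquerade chain=srcnat out-interface=pppoe-out1 \
comment="NAT from local address back to public IP"
# Pull every UDP/53 query that is not from the router itself and not aimed at
# the router back to the local resolver, so LAN clients cannot bypass it.
# There is no in-interface match, so WAN-originated queries for third-party
# addresses are redirected too and then fall under the input chain.
add action=redirect chain=dstnat comment=\
"Block DNS Hijacking for Local area Network" \
dst-address-type=!local dst-port=53 \
protocol=udp src-address-type=!local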
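/ip firewall filter
# --- input chain -----------------------------------------------------------
# Stateful accept, trust the bridge, then drop invalid, non-local
# destinations, non-unicast sources and bogon sources from the PPPoE link.
add chain=input connection-state=established,related \
comment="Accept established and related packets"
add chain=input in-interface=bridge \
comment="Accept all connections from local network"
add action=drop chain=input connection-state=invalid \
comment="Drop invalid"
add action=drop chain=input dst-address-type=!local comment=\
"Drop all packets which are not destined to routes IP address"
add action=drop chain=input src-address-type=!unicast comment=\
"Drop all packets which does not have unicast source IP address"
add action=drop chain=input in-interface=pppoe-out1 \
src-address-list=NotPublic comment=\
"Drop all packets from public internet which should not exist in public network"
# Added: the input chain had no terminating rule and its default is accept,
# so any WAN packet that survived the drops above reached the router itself,
# including the DNS resolver (allow-remote-requests=yes), which made it an
# open resolver.  Drop the remainder from the WAN list (ether1 and
# pppoe-out1).  ICMP from the WAN is dropped by this as well; add an accept
# for the wanted ICMP types ahead of it if echo from outside is desired.
add action=drop chain=input in-interface-list=WAN \
comment="Drop everything else arriving from WAN"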
# --- forward chain ---------------------------------------------------------
# Stateful accept, drop invalid, drop new inbound from pppoe-out1 that no
# dst-nat rule created, drop bogon sources from the WAN and bogon
# destinations from the LAN, drop LAN packets whose source is not the LAN
# subnet (anti-spoof), then ICMP via the icmp chain.  There is no terminating
# rule, so LAN-originated traffic is accepted by default.
# NOTE(review): the "not dst-natted" rule is only as strict as the dst-nat
# rules in /ip firewall nat; a broad dst-nat rule there makes every inbound
# connection pass this check.
add chain=forward connection-state=established,related \
comment="Accept established and related packets"
add action=drop chain=forward connection-state=invalid \
comment="Drop invalid packets"
add action=drop chain=forward connection-nat-state=!dstnat \
connection-state=new in-interface=pppoe-out1 comment=\
"Drop new connections from internet which are not dst-natted"
add action=drop chain=forward in-interface=pppoe-out1 \
src-address-list=NotPublic comment=\
"Drop all packets from public internet which should not exist in public network"
add action=drop chain=forward dst-address-list=NotPublic \
in-interface=bridge comment=\
"Drop all packets from LAN to internet which should not exist in public network"
add action=drop chain=forward in-interface=bridge \
src-address=!192.168.88.0/24 comment=\
"Drop all packets in local network which does not have local network address"
add action=jump chain=forward jump-target=icmp protocol=icmp \
comment="Jump for icmp forward flow"
# --- icmp chain (reached from forward and output) --------------------------
# Accept the listed type:code pairs, drop and log anything else.  No rate
# limit is applied to the accepted types.  Note the input chain in this
# version does not jump here.
add chain=icmp icmp-options=0:0 protocol=icmp \
comment="Echo Reply"
add chain=icmp icmp-options=3:0 protocol=icmp \
comment="Net Unreachable"
add chain=icmp icmp-options=3:1 protocol=icmp \
comment="Host Unreachable"
add chain=icmp icmp-options=3:4 protocol=icmp \
comment="Fragmentation Needed and DF set"
add chain=icmp icmp-options=4:0 protocol=icmp \
comment="Source Quench"
add chain=icmp icmp-options=8:0 protocol=icmp \
comment="Allow Echo Request"
add chain=icmp icmp-options=11:0 protocol=icmp \
comment="Allow Time Exceeded"
add chain=icmp icmp-options=12:0 protocol=icmp \
comment="Parameter Bad"
add action=drop chain=icmp log=yes \
log-prefix="Drop Other Types" comment="Deny Other Types"
# Output chain: only ICMP generated by the router itself is filtered.
add action=jump chain=output jump-target=icmp protocol=icmp \
comment="Jump for icmp output flow"
# Scheduled NTP refresh, run at boot and every 6h.  The on-event value is an
# embedded RouterOS script (shown here with the forum's line wrapping, blank
# lines and escaping, so the string should be re-checked before import).  It
# resolves the one or two pool names in arrNtpSystems and writes the
# resulting addresses to primary-ntp / secondary-ntp when they differ from
# the current values.  The :parse-built command is assembled from the
# script's own constants, not from external input.
# NOTE(review): the script header says it targets ROS v5.7 and sets
# primary-ntp/secondary-ntp, while /system ntp client in this export uses
# server-dns-names; confirm both properties exist on the target version, or
# the scheduled set will fail.
# NOTE(review): policy grants ftp,reboot,policy,password,sniff,sensitive,romon
# on top of read,write,test; nothing in the script body appears to need them,
# so a narrower policy (read,write,test) is worth trying -- least privilege
# for a script that only edits NTP settings.
/system scheduler
add comment="Check and set NTP servers" interval=6h name=SetNtpServers \
on-event="# SetNtpServers - Check and set NTP servers from NTP pool\\

# v1.2 Tested and Developed on ROS v5.7\\

#\\

# Change the following line as needed as progName should match script na\\
me \\

:local progName \\"SetNtpServers\";\

\

# Array of NTP pools to use (check www.pool.ntp.org) one or a maximum of\
\_two, a primary & secondary\

# Modify the following line and array variable based on your locale (def\
ault is north america).\

:local arrNtpSystems (\"taiwan.pool.ntp.org\", \"asia.pool.ntp.org\");\

# Alternatively the TW related pool below can be used. \

#:local arrNtpSystems (\"taiwan.pool.ntp.org\", \"asia.pool.ntp.org\");\

#\

# No modification is necessary beyond this line.\

:put \"\$progName: Running...\";\

:log info \"\$progName: Running...\";\

:set arrNtpSystems [ :toarray \$arrNtpSystems ];\

:if (( [ :len \$arrNtpSystems ] < 1 ) or ( [ :len \$arrNtpSystems ] > 2 \
)) do={ \

:put \"\$progName: ERROR NTP Systems array (\\\$arrNtpSystems) must \
be either one or two DNS names.\";\

:log info \"\$progName: ERROR NTP Systems array (\\\$arrNtpSystems) \
must be either one or two DNS names.\";\

} else={\

:local arrRosNtpSetting (\"primary-ntp\", \"secondary-ntp\");\

:local i 0;\

:foreach strNtpSystem in (\$arrNtpSystems) do={\

:local ipAddrNtpSystem [ :resolve \$strNtpSystem ];\

:local strRosNtpSetting [ :pick \$arrRosNtpSetting \$i ];\

:local strCurrentNtpIp [ /system ntp client get \$strRosNtpSetti\
ng ];\

:put \"\$progName: NTP server DNS name \$strNtpSystem resolves t\
o \$ipAddrNtpSystem.\";\

:log info \"\$progName: NTP server DNS name \$strNtpSystem resol\
ves to \$ipAddrNtpSystem.\";\

:put \"\$progName: Current \$strRosNtpSetting setting is \$strCu\
rrentNtpIp.\";\

:log info \"\$progName: Current \$strRosNtpSetting setting is \$\
strCurrentNtpIp.\";\

:if ( [ :toip \$ipAddrNtpSystem ] != [ :toip \$strCurrentNtpIp ]\
\_) do={\

:put \"\$progName: Changing \$strRosNtpSetting setting to \$\
ipAddrNtpSystem.\";\

:log info \"\$progName: Changing \$strRosNtpSetting setting \
to \$ipAddrNtpSystem.\";\

:local strCommand [ :parse \"/system ntp client set \$strRos\
NtpSetting=\\\"\$ipAddrNtpSystem\\\"\" ];\

\$strCommand;\

} else={\

:put \"\$progName: No changes were made for the \$strRosNtpS\
etting NTP setting.\";\

:log info \"\$progName: No changes were made for the \$strRo\
sNtpSetting NTP setting.\";\

}\

:set i (\$i + 1);\

}\

}\

:put \"\$progName: Done.\";\

:log info \"\$progName: Done.\";" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
# Per-client fair queuing: PCQ keyed on destination for downloads (queued on
# the bridge, i.e. toward the LAN) and on source for uploads (queued on
# pppoe-out1).  The client_download / client_upload packet marks are set in
# /ip firewall mangle.  max-limit is presumably sized just under the
# subscribed line rate so that queuing happens here rather than upstream --
# adjust to the actual link.
/queue type
add kind=pcq name=PCQ_download pcq-classifier=dst-address
add kind=pcq name=PCQ_upload pcq-classifier=src-address
/queue tree
add burst-limit=100M burst-threshold=88M burst-time=5s max-limit=95M \
name=queue1 packet-mark=client_download parent=bridge queue=\
PCQ_download
add burst-limit=40M burst-threshold=20M burst-time=5s max-limit=38M \
name=queue2 packet-mark=client_upload parent=pppoe-out1 queue=\
PCQ_upload
/ip firewall mangle
add action=change-mss chain=forward comment="Change MSS" \
new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
add action=change-mss chain=output new-mss=clamp-to-pmtu \
passthrough=yes protocol=tcp tcp-flags=syn
add action=mark-packet chain=prerouting in-interface=bridge \
new-packet-mark=client_upload passthrough=yes
add action=mark-packet chain=prerouting in-interface=pppoe-out1 \
new-packet-mark=client_download passthrough=yes
add action=jump chain=prerouting connection-state=new dst-port=443 \
jump-target=tcp-services protocol=tcp
add action=jump chain=prerouting connection-state=new jump-target=\
tcp-services protocol=tcp
add action=jump chain=prerouting connection-state=new jump-target=\
udp-services protocol=udp
add action=jump chain=prerouting connection-state=new jump-target=\
other-services
add action=mark-connection chain=tcp-services dst-port=20-21 \
new-connection-mark=ftp passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=22 \
new-connection-mark=ssh passthrough=no protocol=tcp src-port=513-65535
add action=mark-connection chain=tcp-services dst-port=23 \
new-connection-mark=telnet passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=25 \
new-connection-mark=smtp passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=53 \
new-connection-mark=dns passthrough=no protocol=tcp src-port=53
add action=mark-connection chain=tcp-services dst-port=53 \
new-connection-mark=dns passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=80 \
new-connection-mark=http passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=110 \
new-connection-mark=pop3 passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=113 \
new-connection-mark=auth passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=119 \
new-connection-mark=nntp passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=137-139 \
new-connection-mark=netbios passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=143 \
new-connection-mark=imap passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=161-162 \
new-connection-mark=snmp passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-address=78.31.0.0/16 \
dst-port=443 new-connection-mark=spotify passthrough=no \
protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-address=!78.31.0.0/16 \
dst-port=443 new-connection-mark=https passthrough=no \
protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=445 \
new-connection-mark=ms-ds passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=465 \
new-connection-mark=smtps passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=990 \
new-connection-mark=ftps passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=993 \
new-connection-mark=imaps passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=995 \
new-connection-mark=pop3s passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=1080 \
new-connection-mark=socks passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=1723 \
new-connection-mark=pptp passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=1863 \
new-connection-mark=msn passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=2379 \
new-connection-mark=kgs passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=3128 \
new-connection-mark=squid-proxy passthrough=no protocol=tcp \
src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=3389 \
new-connection-mark=win-ts passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=3845 \
new-connection-mark=smartpass passthrough=no protocol=tcp \
src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=4070 \
new-connection-mark=spotify passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=2000-3000 \
new-connection-mark=bwtest passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=4242-4243 \
new-connection-mark=emule passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=1024-65535 \
new-connection-mark=overnet passthrough=no protocol=tcp src-port=4661-4662
add action=mark-connection chain=tcp-services dst-port=1024-65535 \
new-connection-mark=emule passthrough=no protocol=tcp src-port=4711
add action=mark-connection chain=tcp-services dst-port=5900-5901 \
new-connection-mark=vnc passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=6667-6669 \
new-connection-mark=irc passthrough=no protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=8080 \
new-connection-mark=http-proxy passthrough=no protocol=tcp \
src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=8291 \
new-connection-mark=winbox passthrough=no protocol=tcp \
src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=42041-42052 \
new-connection-mark=voddler passthrough=no protocol=tcp \
src-port=1024-65535
add action=mark-connection chain=tcp-services dst-port=55536-55663 \
new-connection-mark=ftp-passive passthrough=no protocol=tcp \
src-port=1024-65535
add action=mark-connection chain=tcp-services new-connection-mark=\
other-tcp passthrough=no protocol=tcp
add action=mark-connection chain=udp-services dst-port=53 \
new-connection-mark=dns passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=67 \
new-connection-mark=dhcp passthrough=no protocol=udp src-port=67-68
add action=mark-connection chain=udp-services dst-port=123 \
new-connection-mark=ntp passthrough=no protocol=udp src-port=123
add action=mark-connection chain=udp-services dst-port=123 \
new-connection-mark=ntp passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=137-139 \
new-connection-mark=netbios passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=161-162 \
new-connection-mark=snmp passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=514 \
new-connection-mark=syslog passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=1701 \
new-connection-mark=l2tp passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=3544 \
new-connection-mark=ms-ipv6 passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=4665 \
new-connection-mark=emule passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=4672 \
new-connection-mark=emule passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=2000-3000 \
new-connection-mark=bwtest passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=1024-65535 \
new-connection-mark=emule passthrough=no protocol=udp src-port=4672
add action=mark-connection chain=udp-services dst-port=12053 \
new-connection-mark=overnet passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=20561 \
new-connection-mark=mac-winbox passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=42041-42052 \
new-connection-mark=voddler passthrough=no protocol=udp \
src-port=1024-65535
add action=mark-connection chain=udp-services dst-port=1024-65535 \
new-connection-mark=overnet passthrough=no protocol=udp src-port=12053
add action=mark-connection chain=udp-services dst-port=1024-65535 \
new-connection-mark=skype passthrough=no protocol=udp src-port=36725
add action=mark-connection chain=udp-services new-connection-mark=\
other-udp passthrough=no protocol=udp
add action=mark-connection chain=other-services icmp-options=8:0-255 \
new-connection-mark=ping passthrough=no protocol=icmp
add action=mark-connection chain=other-services new-connection-mark=gre \
passthrough=no protocol=gre
add action=mark-connection chain=other-services new-connection-mark=other \
passthrough=no
/ip firewall raw
# Raw table, chain=prerouting: evaluated before connection tracking and before
# the mangle chains, so a matching packet is dropped without ever creating a
# conntrack entry. Consequence for the mangle rules above: the udp-services
# rule that marks dst-port=3544 as "ms-ipv6" will not see inbound/transit
# packets to 3544 any more, because they are discarded here first
# (locally originated traffic does not pass raw prerouting, so that path is
# unaffected).
# No in-interface / in-interface-list / src-address qualifier: the drop
# applies to UDP 3544-3545 arriving on any interface, LAN as well as WAN.
add action=drop chain=prerouting comment="Block Teredo IPv6-tunnel" \
dst-port=3544,3545 protocol=udp
--
A$AP Rocky - A$AP Forever (Official Video) ft. Moby
寶貝:)開心最重要.嘻哈!
有人跟我說喜歡石頭外牆的房子,有人說喜歡庭園中間一棵樹,今天朋友傳來訊息,天母開了家星巴克,條件符合





achitsai wrote:
有人跟我說喜歡石頭...(恕刪)


這個地點很不錯,都是租給大型餐飲連鎖,以前好像是哈根大支的庭園餐廳呢!

蜜小雪 wrote:
那當然, 最近圓滾滾的, 那個角度都一樣圓...........(恕刪)


360度無死角!

achitsai wrote:
有人跟我說喜歡石頭...(恕刪)

台灣第一家星巴克就是開在天母啊,
那是民國87年的事了,當時天母還有很多老外,
不過我沒喝咖啡......


亮哥+ wrote:
360度無死角!...(恕刪)


女王踢人也是360度無死角!
一雙玉臂千人枕、半點朱唇萬客嚐,還君明珠雙淚垂、恨不相逢未嫁時

亮哥+ wrote:
這個地點很不錯,都...(恕刪)

緊臨的另一個獨棟店面目前也是空的....區域是不復當年榮景





KingDavid520 wrote:
當時天母還有很多老外..(恕刪)

老外

